Topic: old virus samples are not detected in my vmware system

REDACTED

  • Guest
Re: old virus samples are not detected in my vmware system
« Reply #15 on: December 27, 2015, 12:43:13 AM »
Please reply to the previous post.

The thing I do not understand is why deep screen does not have generic detections for their behavior, for example file infection behavior and other malicious behavior.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: old virus samples are not detected in my vmware system
« Reply #16 on: December 28, 2015, 01:25:18 PM »
Avast Deepscreen does not have generic detections for every piece of malware. If it did, we wouldn't need any conventional detections :).

REDACTED

  • Guest
Re: old virus samples are not detected in my vmware system
« Reply #17 on: December 31, 2015, 02:09:42 AM »
About deep screen:

I know it analyzes file behavior, then creates a feature vector and submits it to the cloud.

Can you explain to me in detail what a feature vector is, like what details it extracts from an executable?

Yesterday I noticed a sample that I ran for the first time, and it ran without the autosandbox even popping up and running, but then I ran it a second time and it flagged it as FileRepMalware. I have no idea why it did not run in the autosandbox the first time I ran it.

Right now I am analyzing file infectors

and noticed the autosandbox is not even stopping very malicious behavior.

How long does it take for the cloud to analyze new behavior and classify it as malicious?

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: old virus samples are not detected in my vmware system
« Reply #18 on: January 03, 2016, 05:34:32 PM »
"Can you explain to me in detail what a feature vector is, like what details it extracts from an executable?"
No, I can't. One, I am not sure if some (all?) of the information is public, and two, the information we extract is changing constantly.

"How long does it take for the cloud to analyze new behavior and classify it as malicious?"
Sometimes it can be done automatically, and then it is fast; sometimes it needs manual resolution, and then it can be a bit slower.

I am sorry I cannot provide you with anything truly specific :-[

REDACTED

  • Guest
Re: old virus samples are not detected in my vmware system
« Reply #19 on: January 05, 2016, 01:57:10 AM »
If the autosandbox has analyzed a sample many times and not blocked it, does it mean I have to send it to the lab for it to get analyzed and blocked?

I waited a day or more for the cloud to classify it, but it has not.
« Last Edit: January 05, 2016, 02:02:40 AM by julevine »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: old virus samples are not detected in my vmware system
« Reply #20 on: January 05, 2016, 10:41:34 AM »
We have many samples to process both automatically and manually. We prioritize those that actually appear in our userbase. If this is a 6-year-old sample, there is a 99.99999999 % chance that we already have it, so there is no need to send it over to be analyzed. It is just not viable to analyze old, low-prevalence samples when there are many new samples that might be undetected as we speak now.

REDACTED

  • Guest
Re: old virus samples are not detected in my vmware system
« Reply #21 on: March 08, 2016, 05:23:45 AM »
I was using zoo samples and 99% were blocked by deep screen,
but now they're not.

Deep screen will not block the malicious behavior now.
It's like the behavior signatures are excluded now from the deep screen database.

I do not understand why deep screen will not block virus/file infecting behavior.

What has changed? Or what is going on?

« Last Edit: March 09, 2016, 02:38:31 AM by julevine »